CISA Cybersecurity Strategic Plan

The FY2024-2026 Cybersecurity Strategic Plan guides CISA’s efforts in pursuit of a new vision for cybersecurity: a vision grounded in collaboration, in innovation, and in accountability.  

Aligned with the National Cybersecurity Strategy and nested under CISA’s 2023–2025 Strategic Plan, the Cybersecurity Strategic Plan provides a blueprint for how the agency will pursue a future in which damaging cyber intrusions are a shocking anomaly, organizations are secure and resilient, and technology products are secure by design and default. To this end, the Strategic Plan outlines three enduring goals: 

  • Address Immediate Threats by making it increasingly difficult for our adversaries to achieve their goals by targeting American and allied networks; 
  • Harden the Terrain by adopting strong practices for security and resilience that measurably reduce the likelihood of damaging intrusions; and 
  • Drive Security at Scale by prioritizing cybersecurity as a fundamental safety issue and asking more of technology providers to build security into products throughout their lifecycle, ship products with secure defaults, and foster radical transparency into their security practices so that customers clearly understand the risks they are accepting by using each product.

Importantly, this Strategic Plan also has a unique focus on outcome-based measures of effectiveness to ensure CISA’s efforts have a measurable impact in reducing cybersecurity risk. 

Cybersecurity is a shared journey and a shared challenge that the entire nation must address together. As America’s Cyber Defense Agency, CISA serves a foundational role in the global cybersecurity community, but true and lasting security in cyberspace can only be achieved collaboratively. Government at all levels, industry, technology providers, the global community of cyber defenders, individual citizens, and others must all work together to achieve a secure cyber future.